http://arstechnica.com/gadgets/news/...n-gsm-call.ars

Once again, as if it was needed, researchers prove just how woefully insecure the ancient GSM protocol is, by being able to decrypt and monitor a GSM (2G) call within a few minutes. Will the mobile phone networks still claim this is a theoretical problem and refuse to do anything about it ?

The basic GSM encryption protocol was cracked a few years ago now, and no real changes have been made, despite it being shown to be as insecure and fundamentally broken as WEP.

As far as I'm aware, at least some aspects of this current exploit do not work on UMTS (3G) so this is one good thing about the concept of a 3G only network. (Any hybrid 2G/3G network can shunt a 3G call to 2G at any time, including in response to malicious 3rd party intervention thus making a "secure" call insecure)

At the very least, the populace should be made aware that mobile phone calls, at least on 2G are no longer secure, and with the release of information like this it won't be long until the necessary hardware and software is within the reach of "hobbyist" hackers, much like it's now trivial to snoop on WEP encrypted traffic.